6

I have two X509Certificate2s. Call them toCheck and checkWith.

How can I check that toCheck was signed by the private key of checkWith?

Basically, I want the C# equivalent of Java's

toCheck.verify(checkWith.getPublicKey());

Thanks

Eric

1 Answer

1

I'm not sure what the value of that would be. What if the certificate used to sign (checkWith) was revoked? It sounds like you'd have a false sense of validation.

If you want to validate a certificate, you can use the X509Certificate2.Verify method.

Peter Ritchie
  • The value is in confirming that toCheck was signed by checkWith. In other words, in addition to the ordinary validations (cert is legit, dates are legit, signer not revoked, etc.), I also want to know that checkWith signed it. – Eric Sep 20 '12 at 22:04
  • Verify verifies that the cert was signed by a valid cert... Simply checking that a cert is signed by another doesn't mean the signing cert is valid... Verify verifies the entire chain of certs. – Peter Ritchie Sep 20 '12 at 22:36
  • I understand that. But checking that a cert is "signed by a valid cert" is insufficient for my purposes. I want to know that it was signed by THIS valid cert. – Eric Sep 21 '12 at 00:49
  • To the best of my knowledge the signature is not available. While you could calculate a signature from the results of GetRawCertData, there's nothing to compare it to. The recommended method to verify a cert is to use the X509Chain. If you created the cert from DER data, you could manually extract the signature, calculate a signature with the other cert and compare... – Peter Ritchie Sep 21 '12 at 01:47
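An added example, not part of the original answer or comments: one way to combine the two requirements discussed above, full chain validation through X509Chain plus confirmation that the direct issuer is this specific certificate. The helper name IsIssuedBy is hypothetical, and the code assumes checkWith chains to a root the machine already trusts.

```csharp
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class IssuerCheck
{
    // Hypothetical helper (the name is not from the page).
    // True only when toCheck passes chain validation AND the certificate
    // directly above it in the built chain is exactly checkWith.
    public static bool IsIssuedBy(X509Certificate2 toCheck, X509Certificate2 checkWith)
    {
        // Cheap pre-check: the issuer DN of toCheck must equal the subject DN
        // of checkWith, byte for byte. This alone proves nothing about the
        // signature; it only avoids building a chain for an obvious mismatch.
        if (!toCheck.IssuerName.RawData.SequenceEqual(checkWith.SubjectName.RawData))
            return false;

        using (var chain = new X509Chain())
        {
            // Offer checkWith to the chain builder as a candidate issuer.
            // ExtraStore does not make it trusted; the chain must still end
            // in a trusted root or Build() fails with UntrustedRoot.
            chain.ChainPolicy.ExtraStore.Add(checkWith);

            // Check revocation for every element, which addresses the
            // "what if checkWith was revoked" concern raised in the answer.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;

            // Build() verifies signatures, validity dates, revocation and trust.
            if (!chain.Build(toCheck))
                return false;

            // Element 0 is toCheck itself, element 1 is its issuer.
            // A self-signed toCheck yields a single element and is rejected here.
            if (chain.ChainElements.Count < 2)
                return false;

            // Pin the issuer: compare the whole encoded certificate, so a
            // different certificate with the same subject name does not pass.
            X509Certificate2 issuer = chain.ChainElements[1].Certificate;
            return issuer.RawData.SequenceEqual(checkWith.RawData);
        }
    }
}
```

Because the final comparison is over the full encoded certificate, a re-issued copy of the issuer that carries the same key but a different serial number or validity period is rejected as well.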